CVE-2024-11582

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 19, 2025
CWE ID 79

Summary

CVE-2024-11582 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Subscribe2 – Form, Email Subscribers & Newsletters plugin for WordPress. The plugin performs insufficient input sanitization and output escaping on the ip parameter, and the flaw can be exploited by unauthenticated attackers. An attacker can inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses an injected page. All versions of the plugin up to and including 10.43 are reportedly impacted by this issue.
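
The two controls the summary names as insufficient, input sanitization and output escaping, sketched for an IP-address field. This is an added example, not code from the Subscribe2 plugin: the function names and sample inputs are hypothetical, and it assumes the ip value reaches the server as a request-supplied string that is stored and later rendered in an HTML page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not taken from the Subscribe2 code base.

/** Input side: keep the value only if it is a syntactically valid IPv4/IPv6 literal. */
function normalize_subscriber_ip(string $raw): ?string
{
    $candidate = trim($raw);
    $valid = filter_var($candidate, FILTER_VALIDATE_IP);
    return $valid === false ? null : $valid;   // null means "store no address"
}

/** Output side: escape where the value is rendered, even if it was validated on input. */
function render_ip_cell(?string $stored): string
{
    $text = $stored ?? 'unknown';
    // Inside WordPress, esc_html() is the usual call for this HTML-text context.
    return '<td>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed sample inputs: two valid addresses, one padded, two carrying markup.
$samples = [
    '203.0.113.7',
    '2001:db8::1',
    ' 198.51.100.4 ',
    '<b>not-an-ip</b>',
    '203.0.113.7"><i>x</i>',
];

foreach ($samples as $raw) {
    // New submissions: rejected values are stored as null and shown as "unknown".
    echo render_ip_cell(normalize_subscriber_ip($raw)), PHP_EOL;
    // Rows saved before validation existed: escaping alone keeps the markup inert.
    echo render_ip_cell($raw), PHP_EOL;
}
```

Validation on input protects new records, while escaping on output also covers values that were already stored before the check was in place.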
